Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
https://paypal-logiin.blogspot.com/2021/02/
Detected Brand
PayPal
Country
International
Confianza
100%
HTTP Status
200
Report ID
d95554d6-e27…
Analyzed
2026-02-05 11:53
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F6523172A0599A3B1263C6E8A3B1EB4BFB418185C9D2014AD5F9D35C2FE3DB2DC1A215 |
|
CONTENT
ssdeep
|
192:GCAdFbOLVgwtlnbbJ6BMcUqaupsBZcTBrhx:IvCLPlnbdmTpGIB9x |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
fe7e61e1809e9690 |
|
VISUAL
aHash
|
80809c9effffffff |
|
VISUAL
dHash
|
380b343438202024 |
|
VISUAL
wHash
|
8080849cfed8cfc7 |
|
VISUAL
colorHash
|
070020001c0 |
|
VISUAL
cropResistant
|
380b343438202024,4101499393614101 |
Análisis de Código
Risk Score
74/100
Nivel de Amenaza
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 Personal Info
🔬 Threat Analysis Report
• Amenaza: Phishing
• Objetivo: Usuarios de PayPal
• Método: Suplantación de identidad a través de un blog y un dominio engañoso.
• Exfil: Desconocido, pero podría ser a través de enlaces o formularios maliciosos.
• Indicadores: Coincidencia de dominio, alojamiento de blogspot, contenido genérico
• Riesgo: Alto
🔐 Credential Harvesting Forms
🔒 Obfuscation Detected
- eval
- hex_escape
- unicode_escape
🎯 Kit Endpoints
- https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=pinterest
- https://paypal-logiin.blogspot.com/search
- https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=facebook
- https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=
- https://www.blogger.com/go/report-abuse
- https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=email
- /responsive/sprite_v1_6.css.svg#ic_post_blogger_black_24dp
- https://paypal-logiin.blogspot.com/2021/02/what-are-ways-to-get-help-from-paypal.html
- https://www.blogger.com/share-post.g?blogID=4489207327022737830&postID=2045744429265506081&target=twitter
- https://paypal-logiin.blogspot.com/
- https://www.blogger.com/profile/01992965054440234456
- https://paypal-logiin.blogspot.com/2021/02/
- https://www.blogger.com
- https://paypal-logiin.blogspot.com/2021/02/what-are-ways-to-get-help-from-paypal.html#comments
- https://paypal-logiin.blogspot.com/feeds/posts/default
- https://www.blogger.com/feeds/4489207327022737830/posts/default
- https://paypal-logiin.blogspot.com/feeds/posts/default?alt=rss
📡 API Calls Detected
- GET
- post
📤 Form Action Targets
- https://paypal-logiin.blogspot.com/search
📊 Desglose de Puntuación de Riesgo
Total Risk Score
90/100
Contributing Factors
Domain Mismatch
The domain is clearly not the official PayPal domain.
Hosting Provider
Hosted on Blogspot, a common platform used for phishing.
Content Red Flags
Generic content not related to PayPal functionality.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Credential Harvesting Kit
Objetivo
PayPal users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
HTTP POST to backend
Evaluación de Riesgo
HIGH - Automated credential harvesting with HTTP POST to backend
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, Personal Info
- 36 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
PayPal
Official Website
paypal.com
Fake Service
PayPal Login/Customer Service
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The site uses a deceptive domain and generic content to lure users into visiting the page, with the aim to phish their credentials.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Dominio
paypal-logiin.blogspot.com
Registered
None
Registrar
None
Estado
None
🔬 JavaScript Deep Analysis
Operator Language
English (1%)
Total Code Size
139,9 KB
🔗 API Endpoints Detected
Other
1
🔐 Obfuscation Detected
- : Light
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for paypal-logiin.blogspot.com
Found 3 other scans for this domain
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.